<?php
ob_start();
session_start();
include 'database.php'; 

if(!isset($_SESSION['myusername'])){


	// Define $myusername and $mypassword 
	$myusername=$_POST['myusername']; 
	$mypassword=$_POST['mypassword']; 

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);

	$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
	$result=mysqli_query($dbcon, $sql);

	// Mysql_num_row is counting table row
	$count=mysqli_num_rows($result);
	// If result matched $myusername and $mypassword, table row must be 1 row	

	if($count==1){

		// Register $myusername, $mypassword and redirect to file "login_success.php"
		$_SESSION['myusername'] = $myusername;
		$_SESSION['mypassword'] = $mypassword;
		
		// Klant gegevens ophalen
		$sqlid = "SELECT * FROM members WHERE username='".$_SESSION['myusername']."' ";	
		$_SESSION['member_id'] = mysqli_query($dbcon, $sqlid) or die('poeo');	
		$_SESSION['members'] = mysqli_fetch_assoc($_SESSION['member_id']);
		
		$sqlid2 = "SELECT * FROM gegevens WHERE klantid='".$_SESSION['members']['id']."' ";	
		$_SESSION['klant'] = mysqli_query($dbcon, $sqlid2) or die('poeo');	
		$_SESSION['klantgev'] = mysqli_fetch_assoc($_SESSION['klant']);
		
		// Member rol ophalen
		
		
		header("location:login_success.php");
		
	}
	else {
	echo "Wrong Username or Password";
	}
}


ob_end_flush();
?>

